Chapter 14

1:
What optional network security services does IPSec offer?
A1:
Answer: Data confidentiality, data integrity, data origin authentication, anti-replay
2:
When would you apply quality of service parameters to a tunnel interface?
A2:
Answer: When you are using GRE and IP-in-IP (IPIP) tunnel protocols.
3:
Which IPSec options does an IPSec transform set define?
A3:
Answer:

Mechanism for payload authentication AH transform

Mechanism for payload encryption ESP transform

IPSec mode Transport versus tunnel

ESP transform of the quality of service parameters
4:
What are the two main protocols used with IPSec as implemented by Cisco Systems?
A4:
Answer: The authentication header and the encapsulation security payload are both used with IPSec.
5:
IKE is considered what type of protocol and provides IPSec with which services?
A5:
Answer: IKE is considered a hybrid protocol. It is used to provide IPSec with utility services, such as the establishment of a shared secret.
6:
What is one issue you might encounter when trying to implement QoS within a VPN?
A6:
Answer: One issue you might face when implementing QoS in a VPN tunnel is the requirement that the QoS parameter you normally find in the header of the IP packet needs to be reflected in the tunnel packet header, regardless of the type of tunnel you choose to use.
7:
What two modes can the authentication header or encapsulating security payload protocols be run in?
A7:
Answer: They can be run in tunnel mode or transport mode.
8:
What four items do IKE peers agree on during negotiations?
A8:
Answer: An encryption algorithm, a hashing algorithm, an authentication method, the lifetime of the SA.
9:
What three types of VPNs are available to you?
A9:
Answer: Access, site-to-site, extranet
10:
What match criteria can you use when classifying packets for QoS?
A10:
Answer:

IP addresses

TCP/UDP port numbers

IP precedencethe 3 bits in the ToS field of the IP packet header

URL and sub-URL

MAC addresses

Time of day

[ LiB ]

1:	What optional network security services does IPSec offer?
A1:	Answer: Data confidentiality, data integrity, data origin authentication, anti-replay
2:	When would you apply quality of service parameters to a tunnel interface?
A2:	Answer: When you are using GRE and IP-in-IP (IPIP) tunnel protocols.
3:	Which IPSec options does an IPSec transform set define?
A3:	Answer: Mechanism for payload authentication AH transform Mechanism for payload encryption ESP transform IPSec mode Transport versus tunnel ESP transform of the quality of service parameters
4:	What are the two main protocols used with IPSec as implemented by Cisco Systems?
A4:	Answer: The authentication header and the encapsulation security payload are both used with IPSec.
5:	IKE is considered what type of protocol and provides IPSec with which services?
A5:	Answer: IKE is considered a hybrid protocol. It is used to provide IPSec with utility services, such as the establishment of a shared secret.
6:	What is one issue you might encounter when trying to implement QoS within a VPN?
A6:	Answer: One issue you might face when implementing QoS in a VPN tunnel is the requirement that the QoS parameter you normally find in the header of the IP packet needs to be reflected in the tunnel packet header, regardless of the type of tunnel you choose to use.
7:	What two modes can the authentication header or encapsulating security payload protocols be run in?
A7:	Answer: They can be run in tunnel mode or transport mode.
8:	What four items do IKE peers agree on during negotiations?
A8:	Answer: An encryption algorithm, a hashing algorithm, an authentication method, the lifetime of the SA.
9:	What three types of VPNs are available to you?
A9:	Answer: Access, site-to-site, extranet
10:	What match criteria can you use when classifying packets for QoS?
A10:	Answer: IP addresses TCP/UDP port numbers IP precedencethe 3 bits in the ToS field of the IP packet header URL and sub-URL MAC addresses Time of day